Display Widgets Plugin Dynamic Post Hacker Code
After being moderated I noticed another issue with the Display Widgets plugin related to code which looks like it generates a WordPress Post dynamically when logged OUT users visit a site!
Screenshot of some of the code above, it’s from the geolocation.php file.
This code allows the Display Widgets plugin developer to dynamically generate a WordPress Post on Display Widget plugin user sites (up to 200,000 sites – I think at least 50,000 updated to the 2.6.* code).
Also see the Safe Display Widgets plugin 4.*.
Continue Reading Display Widgets Plugin Review
